Abstract — We present a logical correspondence between natural
semantics and abstract machines. This correspondence enables the
mechanical and fully-correct construction of an abstract machine
from a natural semantics. Our logical correspondence mirrors the
Reynolds functional correspondence but places it in a logical
setting, as both semantics are encoded in a substructural logical
framework.

I. Introduction 

The literature contains numerous semantic specifications and
therefore many proposals for relating them. These relations are
stated using a diversity of methods and methodologies. To the best
of the authors' knowledge, only one, the Reynolds functional
correspondence [1], [2], has seen repeated use outside the work of
its inventors [3], [4]. Our goal [5], [6] is to develop a logical
counterpart. We want it to be formal, mechanizable and, like the
functional correspondence, widely applicable.

In this paper, we describe a method for relating natural 
semantics with abstract machines within a common logical 
framework. We take advantage of the fact that substructural 
logic provides an adequate specification language for different 
types of specifications. 

We motivate our work by recalling how divergence and failure
interact with natural semantics and abstract machine semantics.
Expressions are $\lambda$-terms in addition to an extra nonsense
term, here denoted by $\mathsf{junk}$. As usual, syntactic values
are $\lambda$-abstractions, and contexts are a list of application
frames terminated by the empty frame $\mathsf{halt}$:

$$
\begin{array}{rcl}
e & ::= & x \mid \lambda x.e \mid e_1\ e_2 \mid \mathsf{junk} \\
v & ::= & \lambda x.e \\
k & ::= & \mathsf{halt} \mid k;\ \square\ e_2 \mid k;\ (\lambda x.e)\ \square
\end{array}
$$

We give two semantics for call-by-value (CBV) evaluation:
Figure 1 defines a big-step semantics in the form of a natural
semantics [7], [8]; Figure 2 defines a small-step semantics in
the form of an abstract machine. Common to these specifications
is the appearance of being specified by the same logical tool:
inductive definitions. Despite this, the two specifications
have a very different character.

$$
\frac{}{\lambda x.e \Downarrow \lambda x.e}
\qquad
\frac{e_1 \Downarrow \lambda x.e \quad e_2 \Downarrow v_2 \quad e[v_2/x] \Downarrow v}{e_1\ e_2 \Downarrow v}
$$

Fig. 1. A natural semantics for CBV evaluation

$$
\begin{array}{rcl}
k \triangleright \lambda x.e & \mapsto & k \triangleleft \lambda x.e \\
k \triangleright e_1\ e_2 & \mapsto & (k;\ \square\ e_2) \triangleright e_1 \\
(k;\ \square\ e_2) \triangleleft \lambda x.e & \mapsto & (k;\ (\lambda x.e)\ \square) \triangleright e_2 \\
(k;\ (\lambda x.e)\ \square) \triangleleft v_2 & \mapsto & k \triangleright e[v_2/x]
\end{array}
$$

Fig. 2. An abstract machine semantics for CBV evaluation

Consider the term $\omega = (\lambda x.x\ x)\ (\lambda x.x\ x)$. The
abstract machine can characterize developments of $\omega$. The
natural semantics cannot find a $v$ such that $\omega \Downarrow v$
is derivable. As a small-step semantics the abstract machine can
characterize how $((\lambda x.x\ x)\ \mathsf{junk})$ goes wrong. As a
big-step semantics the natural semantics cannot find a $v$ such that
$((\lambda x.x\ x)\ \mathsf{junk}) \Downarrow v$ is derivable. Thus,
working with the natural semantics, we cannot distinguish safe
programs that do not terminate from programs that go wrong. This is
a known obstacle to proving type soundness with natural-semantics
specifications.

II. Natural semantics as logic programs 

Our approach to this problem reaches back to some of the
original work on natural semantics, the TYPOL compiler that
translated natural semantics specifications to logic programs in
Prolog [7]. The operational interpretation introduced by this
compilation process is only implicitly present in the original
natural semantics presentation. We derive operational meaning
from Figure 1 by systematically describing a search procedure
that attempts to find an expression $v$ and derivation
$e \Downarrow v$ given an expression $e$.

• If $e = \lambda x.e'$, derive $\lambda x.e' \Downarrow \lambda x.e'$
  with the first rule.

• If $e = e_1\ e_2$, attempt to derive $e_1\ e_2 \Downarrow v$ using
  the second rule:

  1) Search for a $v_1$ such that $e_1 \Downarrow v_1$ is derivable.

  2) Assert that $v_1 = \lambda x.e'$ for some $e'$; fail if it is not.

  3) Search for a $v_2$ such that $e_2 \Downarrow v_2$ is derivable.

  4) Let $e'' = e'[v_2/x]$.

  5) Search for a $v$ such that $e'' \Downarrow v$ is derivable.

  6) If we succeed, derive $e_1\ e_2 \Downarrow v$ with the second rule.

Our operationalization transformation makes this implicit
search process explicit. It is applicable to a significant
fragment of Horn clause logic programs (those with a reasonable
input-output interpretation, the so-called well-moded programs).

Two similar lines of work by Hannan and Miller [9] and
Ager [10] also derive abstract machines by representing a
natural semantics as a logical specification, in $\lambda$Prolog and
L-attributed grammars respectively, and then applying logical
transformations. Our work follows this tradition of assigning
operational behavior by means of proof search.

III. Abstract machines as logic programs 

Given as input a standard judgments as types encoding of
the natural semantics in Figure 1 [11], our operationalization
transformation produces an encoding of the abstract machine
semantics in Figure 2. This encoding of Figure 2 is not in the
standard judgments as types encoding, however. Instead, we
get a substructural operational semantics, an encoding of the
transition system as rewriting rules in ordered logic [12].

The states of a substructural operational semantics are ordered
sequences of propositions $\Delta$, contexts in ordered linear
logic. We interpret the ordered logic proposition
$a \bullet b \rightarrowtail c \bullet d$ as a local rewriting rule
that allows us to transition from a state $\Delta_1\ a\ b\ \Delta_2$
to a state $\Delta_1\ c\ d\ \Delta_2$. (The connective $P \bullet Q$
is conjunction in ordered logic, and the connective
$P \rightarrowtail Q$ is implication.) We say there is a trace
$\Delta \leadsto^{*} \Delta'$ if we can rewrite $\Delta$ to $\Delta'$
with a series of transitions.

The general idea behind operationalization is that a trace
$(\mathsf{eval}(e)\ \Delta \leadsto^{*} \mathsf{retn}(v)\ \Delta)$
indicates the presence of a derivation $e \Downarrow v$, so the
left-most proposition in $\Delta$, if any, represents a continuation
that spawned the evaluation of $e$ and needs to receive a $v$ to
continue. In general, operationalization takes the encoding of a
single judgment like $e \Downarrow v$ and defines (at minimum) an
evaluation predicate $\mathsf{eval}(e)$ and a return predicate
$\mathsf{retn}(v)$.

Describing the proof search behavior when $e = \lambda x.e'$ is
simple. We start in the state $\mathsf{eval}(\lambda x.e)\ \Delta$.
Because $\lambda x.e \Downarrow \lambda x.e$ is immediately derivable,
we can step immediately to the state
$\mathsf{retn}(\lambda x.e)\ \Delta$. This is captured by the rule
evlam:

$$
\text{evlam}:\ \mathsf{eval}(\lambda x.e) \rightarrowtail \mathsf{retn}(\lambda x.e).
$$

(For brevity's sake, we are omitting a careful treatment of the
term language; see [5] for details.)

Dealing with proof search when $e = e_1\ e_2$ requires extra
machinery. If we are in a state $\mathsf{eval}(e_1\ e_2)\ \Delta$,
then the search procedure from Section II indicates that we first
should search for a $v_1$ such that $e_1 \Downarrow v_1$. This means
picking a $\Delta'$ and trying to find a trace
$\mathsf{eval}(e_1)\ \Delta' \leadsto^{*} \mathsf{retn}(v_1)\ \Delta'$.
We introduce a new predicate $\mathsf{cont1}(e_2)$ that stores $e_2$
on the top of the continuation stack, letting
$\Delta' = \mathsf{cont1}(e_2)\ \Delta$, while we attempt to evaluate
$e_1$ to a value.

$$
\text{evapp}:\ \mathsf{eval}(e_1\ e_2) \rightarrowtail \mathsf{eval}(e_1) \bullet \mathsf{cont1}(e_2).
$$

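If we ever complete a trace of this form:

$$
\mathsf{eval}(e_1)\ \mathsf{cont1}(e_2)\ \Delta \leadsto^{*} \mathsf{retn}(v_1)\ \mathsf{cont1}(e_2)\ \Delta
$$

then we know there is a proof of $e_1 \Downarrow v_1$. Then we
proceed to check that $v_1$ has the form $\lambda x.e$ and evaluate
$e_2$ to a value, storing the body of the function $\lambda x.e$ in
another new predicate $\mathsf{cont2}(\lambda x.e)$.

$$
\text{evapp1}:\ \mathsf{retn}(\lambda x.e) \bullet \mathsf{cont1}(e_2) \rightarrowtail \mathsf{eval}(e_2) \bullet \mathsf{cont2}(\lambda x.e).
$$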

Finally, once a value $v_2$ returns to the left of the proposition
$\mathsf{cont2}(\lambda x.e)$, we know that in order to prove
$e_1\ e_2 \Downarrow v$ it suffices to prove $e[v_2/x] \Downarrow v$.

$$
\text{evapp2}:\ \mathsf{retn}(v_2) \bullet \mathsf{cont2}(\lambda x.e) \rightarrowtail \mathsf{eval}([v_2/x]e).
$$

Thus, we can encode the search procedure from Section II
as a transition system in ordered logic. The connection between
this four-rule specification and the transition relation in
Figure 2 is witnessed by a translation from states
$k \triangleleft v$ and $k \triangleright e$ to ordered contexts.
The stack frames $\square\ e_2$ and $(\lambda x.e)\ \square$ are,
respectively, associated with the propositions
$\mathsf{cont1}(e_2)$ and $\mathsf{cont2}(\lambda x.e)$. This
interpretation treats Figure 2 not as an inductive definition but
as a direct encoding of a transition system in ordered logic.
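
The four rules evlam, evapp, evapp1 and evapp2 can be executed directly as rewriting on an ordered context, which makes the distinction from Section I observable: the stuck term is reported separately from the non-terminating one. This is an added example in Python, not the authors' SML implementation; the tuple encoding of terms, the fuel bound and the names subst, step and run are assumptions of the example, and substitution assumes closed programs.

```python
# Added example: the four ordered-logic rules as a rewriting system.
# Term encoding, fuel bound and function names are assumptions, not the paper's.
JUNK = ("junk",)
def var(x): return ("var", x)
def lam(x, e): return ("lam", x, e)
def app(e1, e2): return ("app", e1, e2)

def subst(e, x, v):
    """[v/x]e. Assumes v is closed (closed CBV programs), so no renaming is needed."""
    if e[0] == "var":
        return v if e[1] == x else e
    if e[0] == "lam":
        return e if e[1] == x else lam(e[1], subst(e[2], x, v))
    if e[0] == "app":
        return app(subst(e[1], x, v), subst(e[2], x, v))
    return e  # junk

def step(ctx):
    """Rewrite the left end of the ordered context; None if no rule applies.
    The active eval/retn proposition is always left-most in these traces."""
    (pred, t), rest = ctx[0], ctx[1:]
    if pred == "eval" and t[0] == "lam":                    # evlam
        return [("retn", t)] + rest
    if pred == "eval" and t[0] == "app":                    # evapp
        return [("eval", t[1]), ("cont1", t[2])] + rest
    if pred == "retn" and rest:
        (kpred, kt), tail = rest[0], rest[1:]
        if kpred == "cont1" and t[0] == "lam":              # evapp1
            return [("eval", kt), ("cont2", t)] + tail
        if kpred == "cont2":                                # evapp2
            return [("eval", subst(kt[2], kt[1], t))] + tail
    return None

def run(e, fuel=1000):
    """Follow the trace from eval(e): a value, a stuck state, or fuel exhausted."""
    ctx = [("eval", e)]
    for _ in range(fuel):
        if ctx == [("retn", ctx[0][1])]:
            return ("value", ctx[0][1])
        nxt = step(ctx)
        if nxt is None:
            return ("stuck", ctx)      # e.g. eval(junk): the program goes wrong
        ctx = nxt
    return ("out_of_fuel", ctx)        # still stepping: no error observed so far

I = lam("x", var("x"))                      # constructed sample terms
D = lam("x", app(var("x"), var("x")))       # omega is app(D, D)
```

Here run(app(D, JUNK)) stops in the state eval(junk) cont2(D), while run(app(D, D)) keeps cycling through the same six states until the fuel runs out.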

IV. Conclusion 

We have shown how to take a natural semantics and make
its implicit operational interpretation explicit as a substructural
operational semantics. This instance of the general
operationalization transformation also formally connects a natural
semantics specification (Figure 1) and an abstract machine semantics
specification (Figure 2). The general correctness proof for this
operationalization establishes that
$\mathsf{eval}(e) \leadsto^{*} \mathsf{retn}(v)$ if and only if
$e \Downarrow v$ [5].

We have implemented operationalization in SML and have
successfully applied the transformation to a variety of examples,
including but not limited to a number of larger natural
semantics specifications.